Next-Generation of Exploit Kit Detection by Building Simulated Obfuscators

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, Reverse Engineering Courses, Malware Detection Courses, Exploit Kits Courses

Course Description

Overview

Explore the next generation of exploit kit detection through the construction of simulated obfuscators in this Black Hat conference talk. Delve into the world of drive-by download attacks and the role of exploit kits in malware delivery. Learn about the key obfuscation techniques used to evade firewall detection and the limitations of current research approaches. Discover how rebuilding obfuscators for six notorious exploit kit families can benefit cybersecurity research. Examine the design and implementation of these simulated obfuscators, their evaluation process, and the insights gained from generating a vast array of samples. Investigate the evolution of obfuscators within each exploit kit family and explore potential predictions for future variations. Challenge current variation naming conventions and consider a new approach based on actual obfuscator changes. Gain valuable knowledge on the amplification effect of obfuscator modifications on obfuscated pages and its implications for cybersecurity.

Syllabus

Introduction
Welcome
Background
Website
Obstacle Page
Previous research
Scheduling application
Reverse engineering
In the real world
Data complicity
High-level picture
Normalization
Rotation
Color Structure
Similarity
Stream Crossing
Hierarchical Crossmark
Passive Threshold
Analysis
Life Cycle
New Version
Angular is Poor Kid
Application Engine Change
Conclusion
Outro


Taught by

Black Hat
